General Interest Archives - OF DIGITAL INTEREST

General Interest

Telehealth-Related Updates Included in 2019 Medicare Physician Fee Schedule

by Lisa Mazur | Nov 7, 2018 | General Interest, Telehealth

On November 1, 2018, the Centers for Medicare and Medicaid (CMS) issued final rules for updating the 2019 Medicare Physician Fee Schedule to implement recent telehealth-related legislative reforms. As reported in our Digital Health Mid-Year Report: Focus on Medicare, these changes are expected to have a material impact on the ability of providers to receive payment for delivering telehealth services. Certain key changes are highlighted below:

Qualified providers may be reimbursed when providing telehealth services for stroke and kidney disease—even when patients are located in their own homes.
Qualified providers may receive a small amount of reimbursement for holding “virtual check-in[s]” with patients and when they evaluate recorded video and images from an established patient. CMS noted that these changes are aimed at allowing providers to help determine whether an in-person visit or additional follow-up is needed. Doing so “increase[s] efficiency for practitioners and convenience for beneficiaries.”
CMS also issued an interim final rule related to the recently-signed SUPPORT for Patients and Communities Act, a bipartisan piece of legislation that was passed to combat the opioid crisis. Similar to the Bipartisan Budget Act, the SUPPORT Act removed the originating site requirement for substance abuse and related mental health treatments. There is a 60-day comment period before this rule will be finalized.

Together, these rules represent a substantial expansion of Medicare reimbursement for services provided via telehealth. For additional guidance on how to interpret and implement these new changes, please contact your regular McDermott attorney.

GDPR 6 Months After Implementation: Where are We Now?

by Amy C. Pimentel and Mark E. Schreiber | Nov 5, 2018 | Cybersecurity, Data Privacy, General Interest

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come.

Critical provisions

The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals located in the EU.

The GDPR uses other terms not familiar to US businesses but which need to be understood. Both “data controllers” and “data processors” have obligations under the GDPR, and data subjects can bring actions directly against either or both of those parties. A data controller is an organization that has control over and determines how and why to process data. A data controller is often, but not always, the organization that has the direct relationship with the data subject (the individual about whom the data pertains). A data processor is an organization that processes personal data on behalf of a data controller, typically a vendor or service provider. The GDPR defines “processing” to mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., collection, recording, storage, alteration, use, disclosure and structuring).

The GDPR also broadly defines “personal data” as any information directly or indirectly relating to an identified or identifiable natural person, such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Organizations in the US are used to a narrower definition of personal data, which typically includes information that, if breached, would put an individual at risk of identity theft or fraud and require notice (e.g., Social Security numbers, driver’s license numbers, and financial account, credit and debit card numbers). (more…)

ONC Sends Information Blocking Proposed Rule to OMB

by James A. Cannatti III | Sep 19, 2018 | General Interest

The Office of the National Coordinator for Health Information Technology (ONC) is one step closer to issuing its long-awaited proposed rule to implement various provisions of the 21st Century Cures Act, including proposed regulations distinguishing between prohibited health information blocking among health care providers and health information technology vendors and other permissible restrictions on access to health information. According to its website, the Office of Management and Budget (OMB) received ONC’s proposed rule for review on September 17, 2018. OMB review is one of the final steps in the process before a proposed rule is published in the Federal Register for public comments. OMB did not identify a deadline for completing its review. The agency generally has up to 90 days to complete its review, but can take less time than that.

In addition to defining the scope of prohibited information blocking conduct, the proposed rule is likely to address other issues of interest to health industry stakeholders. According to OMB, the proposed rule “would update the ONC Health IT Certification Program (Program) by implementing certain provisions of the 21st Century Cures Act, including conditions and maintenance of certification requirements for health information technology (IT) developers, the voluntary certification of health IT for use by pediatric healthcare providers, health information network voluntary attestation to the adoption of a trusted exchange framework and common agreement in support of network-to-network exchange, and reasonable and necessary activities that do not constitute information blocking. The rulemaking would also modify the Program through other complementary means to advance health IT certification and interoperability.”

Subscribe here to receive future updates from McDermott.

Blazing New Trails in Health Care and Technology Innovation Ventures

by Bernadette M. Broccolo and McDermott Will & Emery | Jun 19, 2018 | Big Data, General Interest, Telehealth

As the health industry evolves to meet consumer expectations for better quality, lower-cost and more convenient health care options, the demand for technology-driven innovation is accelerating as is the level of interest and investment among stakeholders or all sorts.

Health systems and other institutional providers are playing a more active investment role in the commercialization of biomedical, digital health, and other important health care discoveries in order to remain competitive, secure their positions as industry leaders and generate growth opportunities. This more active role also affords their internal innovators (e.g., physicians and scientists) to play a meaningful role in accelerating the commercialization of home-grown discoveries that may otherwise be left in “the valley of death” between government-funded basic research and later stage, industry-funded commercialization. Drug and medical device manufacturers, venture capital, private equity firms, large donors and other investors are injecting significant capital into fueling research, development and commercialization of health care technology innovation. On the one hand, health care systems and providers welcome such external co-investors who bring sophisticated expertise in product and market research, technology innovation, valuation and strategy capabilities, as well as access to networks of potential co-investors. For such external co-investors, on the other hand, joining forces with health care institutions affords much needed access to the expertise and thought leadership of clinicians, scientists and health technology innovation; a ready‑made proving ground and “anchor customer” for the product; and the halo effect of the health care provider around the co-investor’s clinical care and research reputation. The theory and the hope is that the combined capital and the different, but complementary, expertise, experience and perspectives of such co‑investors provides a formula for financially successful innovation that is transformative and not merely disruptive. (more…)

Live Webinar: Developing and Procuring Digital Health AI Solutions: Advice for Developers, Purchasers and Vendors

by McDermott Will & Emery, Bernadette M. Broccolo, Dale C. Van Demark, Jeremy Earl, Jennifer S. Geetter, Jiayan Chen, Michael W. Ryan, Paul W. Radensky, MD and Vernessa T. Pollard | Jun 8, 2018 | Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, General Interest, Mobile Apps, Telehealth

Join McDermott next Wednesday for a live webinar on the unique considerations in developing and procuring AI solutions for digital health applications from the perspective of various stakeholders. We will discuss the legal issues and strategies surrounding:

Research and data mapping essential to the development and validation of AI technologies
Protecting and maintaining intellectual property rights in AI solutions
Technology development
Risk management and mitigation for various contractual arrangements, including contracts with customers, vendors and users

We will also focus on the trends in US law for AI solutions in the digital health space, and present actionable advice that will help you develop an effective strategy for developing and procuring AI solutions for digital health applications.

Developing and Procuring Digital Health AI Solutions: Advice for Developers, Purchasers and Vendors
Wednesday, June 13, 2018 | 11:00 am CT | 12:00 pm ET
Register Here

Recycle, Recycle, Recycle: Key Considerations for Research, Medical Education, and Other Secondary Uses of Data

by McDermott Will & Emery and Jiayan Chen | Jun 6, 2018 | Big Data, Data Privacy, General Interest, Mobile Apps, Telehealth

The digitization of health care and the proliferation of electronic medical records is happening rapidly, generating large quantities of data with potential to provide valuable insights into disease and wellness and help solve challenging public health problems.

There is tremendous enthusiasm over the possibilities of leveraging this data for secondary use–i.e., a use of data that is distinct from the purpose for which it was originally collected. However, such secondary use is often subject to intersecting legal and regulatory regimes–including HIPAA, the Common Rule, and the Federal Food, Drug, and Cosmetic Act and its implementing regulations–that are not fully harmonized. This lack of harmonization in requirements, coupled with the wide range of industry players involved–including regulators, academic medical centers, health systems, payers, technology companies, manufacturers and industry entities, research institutions, registries, and professional societies, to name a few– presents challenges that require careful planning and implementation. While regulators have recently taken significant steps to reconcile the differences among these laws and provide a path forward for harnessing the potential of big data, some specific requirements within these individual regulations continue to present challenges.

It is critical for academic medical centers and teaching hospitals, which stand at the intersection of government-funded research and industry-sponsored research, and are also paving the way in partnerships with non-traditional health care players—to understand the evolving legal framework and business and compliance imperatives behind the quest for digital health information.

During the AHLA Annual Meeting on Tuesday, June 26, McDermott partner Jiayan Chen will review trends and the value proposition relating to secondary use, with a particular focus on challenges presented by secondary use in the precision medicine and digital health context. Along with co-presenter Leah Voigt, she will explore key regulatory and sub-regulatory developments relating to the secondary use of data under FDA regulations, the Common Rule, and HIPAA, and will also use case studies to explore, in a practical context, the challenges and ambiguities that remain when pursuing internal secondary use initiatives and external collaborations, including implementation and contracting tips, insights, and strategies.

Recycle, Recycle, Recycle: Key Considerations for Research, Medical Education, and Other Secondary Uses of Data
AHLA Annual Meeting, Chicago, IL | June 26, 2018 | 9:45 – 10:45 am | Registration and program details.

McDermott’s Cocktail Reception during the AHLA Annual Meeting
The Art Institute of Chicago | June 26, 2018 | 6:00 – 8:00 pm
Following the programming on Tuesday, we invite you to join us for our annual cocktail reception at The Art Institute of Chicago. We look forward to an evening of networking, cocktails and private gallery tours with our colleagues, friends and fellow AHLA members. RSVP today!

The GDPR’s Effects in China: Comparison with Local Rules and Considerations for Implementation

by Jared T. Nelson and Shi Yuhang | May 31, 2018 | Consumer Protection, Cybersecurity, Data breach, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, General Interest

As Europe’s General Data Protection Regulation (GDPR) takes effect, companies around the world are racing to implement compliance measures. In parallel with the GDPR’s development, China’s new data protection framework has emerged over the past year and is in the final stages of implementing the remaining details. With similar and often overlapping obligations, full compliance with the GDPR and China’s data protection framework presents a significant new challenge for companies with operations in China.

Does the GDPR Apply to Companies in China?

The GDPR applies to the processing of personal data of people who are in the European Union, even for a controller or processor in China, where the processing of the data is related to:

The offering of goods or services to the data subjects in the European Union, regardless of whether a payment is required; or
The monitoring of people’s behavior in the European Union.

As a result, even if a Chinese company does not have any formal establishments in the European Union, the GDPR will nonetheless apply if it is conducting either of these two types of activities.

What Are the Requirements for Companies in China Subject to the GDPR?

The GDPR primarily focuses on two categories of entities: “controllers” and “processors.” These two types are similar to concepts in the Chinese rules. “Controllers” are entities that, alone or jointly with others, determine the purposes and means of the processing of personal data. “Processors” are entities that carry out the processing of personal data on behalf of the controllers.

Key requirements for most controllers under the GDPR: (more…)

Financing High-Growth Health IT Companies: McDermott and Capstone’s Panel Recap from HIMSS 18

by Daniel F. Gottlieb | Apr 11, 2018 | Big Data, Cybersecurity, Data breach, Data Privacy, General Interest

Earlier this month, more than 45,000 attendees descended on Las Vegas, NV, for the nation’s largest annual health care technology conference: the 2018 HIMSS Conference & Exhibition (HIMSS18). Conversations and educational sessions covered a wide range of health tech topics, with thought leaders, solutions developers, health system executives, patient advocates and care providers coming together to discuss the myriad obstacles and opportunities facing the health care technology industry today.

On Tuesday March 6, during the HIMSS conference, McDermott Will & Emery along with our friends at Capstone Headwaters convened a panel discussion on “Financing High-Growth Healthcare IT Companies, which I had the pleasure of moderating. The seasoned mix of health care finance and private equity professionals discussed the various types and sources of capital available to fuel high-growth health IT organizations and how to choose the right mix of capital to support a company’s growth needs. We also reviewed the legal and regulatory implications for investments in health care IT companies, and discussed considerations for optimal positioning in a value-based care environment. (more…)

Appeals Court Strikes Down Key Portions of FCC’s Onerous TCPA Rulemaking

by Daniel F. Gottlieb and Matthew L. Knowles | Mar 23, 2018 | Consumer Protection, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Email/Spam, General Interest, Text Messaging

Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not eliminate the prospect of TCPA liability and leaves important TCPA interpretive questions unresolved. Businesses should continue to be vigilant regarding consent and opt-out procedures when sending automated text messages and automated or pre-recorded calls to consumers. Continue Reading

Order now: The Law of Digital Health Book

by Vanessa K. Burrows, McDermott Will & Emery, Amanda Enyeart, Anisa Mohanty, Amy C. Pimentel, Bernadette M. Broccolo, Dale C. Van Demark, Jiayan Chen, Lisa Mazur, Marshall E. Jackson, Jr., Michael W. Ryan, Ryan S. Higgins and Scott Weinstein | Mar 20, 2018 | Big Data, Cloud, Consumer Protection, Data Privacy, General Interest, Telehealth

Designed to provide business leaders and their key advisors with the knowledge and insight they need to grow and sustain successful digital health initiatives, we are pleased to present The Law of Digital Health, a new book edited and authored by McDermott’s team of distinguished digital health lawyers, and published by AHLA.

Visit www.mwe.com/lawofdigitalhealth to order this comprehensive legal and regulatory analysis, coupled with practical planning and implementation strategies. You can also download the Executive Summary and hear more about how Digital Health is quickly and dynamically changing the health care landscape.

Explore more!